You could write yourself a rawbody rule to match on the string: td>NEVOB>> "Dietmar Maurer" <[EMAIL PROTECTED]> 08/14/08 1:53 AM >>>
Recently there are tons of simple mails like:
ftp://pve.proxmox.com/tmp/sample-spam1.txt
ftp://pve.proxmox.com/tmp/sample-spam2.txt
Seems that they trigger some
On Thu, 14 Aug 2008, Dietmar Maurer wrote:
Does anybody know a way to block them effectively without
using network tests?
Check for stupid HTML: add some points for "http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34
Rats. It does seem like everything getting through lately is scoring 0% in
Bayes. I was hoping it was just clever spammers. I guess it's time to
purge my Bayes database and start over.
--
Owen B. Mehegan ([EMAIL PROTECTED])
> On Tue, Aug 12, 2008 at 12:41:17PM -0700, Owen Mehegan wrote:
>> Here
On Tue, Aug 12, 2008 at 12:41:17PM -0700, Owen Mehegan wrote:
> Here are two more that got through today. Even several hours later, these
> haven't shown up in blacklists. Do anyone else's rules catch these?
Your main problem is that both messages hit BAYES_00:
> X-Spam-Status: No, score=2.0 req
On Thu, Aug 07, 2008 at 01:51:00PM -0700, Owen B. Mehegan wrote:
> Uh, whoops. Apparently I deleted the body of the message before I sent it.
> Sorry...
>
> I was asking for help figuring out why messages like the one I attached
> are getting through my SA setup. I'm using SA 3.2.1 with spamd, thr
"Owen B. Mehegan" <[EMAIL PROTECTED]> writes:
> This message scores as follows on my system:
>
> 2.0 FREEMAIL_FROM From-address is freemail domain
> 0.0 BOTNET_SERVERWORDS Hostname contains server-like substrings
> [botnet_serverwords,ip=98.136.45.12,rdns=n65a.bullet.mail.sp1
Uh, whoops. Apparently I deleted the body of the message before I sent it.
Sorry...
I was asking for help figuring out why messages like the one I attached
are getting through my SA setup. I'm using SA 3.2.1 with spamd, through
Postfix, on Linux.
This message scores as follows on my system:
2.0
